[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suggestion for checking unicode characters against "trojan source attacks"

Dear Jérémy,

> grep -r $'[\u061C\u200E\u200F\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]'

I implemented this in Perl both for file names, which I think may be
more important, and the contents of all files that identify as text
via file(1). The tag is called 'unicode-trojan'. [1] You should see
the results on the website in about a day.

For good measure, we check patched source files as well as files
shipped in installation packages.

I also added test cases to our test suite.

Thanks for the suggestion!

Kind regards
Felix Lechner

[1] https://salsa.debian.org/lintian/lintian/-/commit/d96d2930f17669f0a9509d1a1d319525d8064072
Reply to: